How to block potentially harmful file attachments
While most malicious attachments are reliably detected by the Integrated Malware Scanner, it occasionally happens that new malware remains undetected. With the help of NoSpamProxy it is possible,
- to block potentially harmful attachments in general,
- to allow only senders considered trustworthy by Level of Trust, or
- to quarantine attachments.
NOTE: Please note that the quarantine functionality requires a working Web Portal and Large Files license.
Creating a content filter to block, filter or quarantine attachments
- Go to Configuration > Content filter > Content filters.
- Click Add.
- In the Content filter entries dialog, click Add.
- Configure the entry according to your requirements.
- Click Save and close.
- (Optional) Repeat steps 3, 4 and 5 for all other file types.
Activating the content filter for incoming emails
- Go to People and Identities > Partners > Default partner settings.
- Click Modify.
- Select the new filter under Content filtering.
- Click Save and close.
Setting up individual content filtering for specific senders
- Go to People and identities > Partners > Partners.
- Double-click the domain.
- Do one of the following:
- Set up content filters for a domain
- Under Content filtering, click Modify.
- Select the desired filter.
- Set up content filter for a user entry
- Switch to the User entries tab.
- Double-click the desired user.
- Select the desired filter.
- Set up content filters for a domain
- Click Save and close.
- Click Close dialog .
List of potentially harmful attachments and recommended procedure
WARNING: These are only general recommendations that are not suitable for every scenario. Applying these recommendations is at your own risk.
From version 11.1, you can automatically release files after a period of time (default 2 hours) after a new scan has taken place and it was again unsuspicious. This procedure is particularly recommended for attachments that are to be quarantined according to the list below.
Usually, harmful contents are detected after 30 minutes at the latest. So while the content is not yet recognized as harmful when it arrives, this can often be the case after a short time.